RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- dtucker@cvs.openbsd.org 2008/06/10 05:23:32 

[addrmatch.sh Makefile]
     Regress test for Match CIDR rules.  ok djm@
This commit is contained in:
Darren Tucker 2008-06-10 23:16:46 +10:00
parent d788b7cb35
commit 10f9242b86
3 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -29,6 +29,9 @@
- dtucker@cvs.openbsd.org 2008/06/09 18:06:32 - dtucker@cvs.openbsd.org 2008/06/09 18:06:32
[regress/test-exec.sh] [regress/test-exec.sh]
Don't generate putty keys if we're not going to use them. ok djm Don't generate putty keys if we're not going to use them. ok djm
- dtucker@cvs.openbsd.org 2008/06/10 05:23:32
[regress/addrmatch.sh regress/Makefile]
Regress test for Match CIDR rules. ok djm@
20080609 20080609
- (dtucker) OpenBSD CVS Sync - (dtucker) OpenBSD CVS Sync
@ -4115,4 +4118,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@ passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.4954 2008/06/10 13:15:54 dtucker Exp $ $Id: ChangeLog,v 1.4955 2008/06/10 13:16:46 dtucker Exp $

1
regress/Makefile
View File

@ -47,6 +47,7 @@ LTESTS= connect \
reexec \ reexec \
brokenkeys \ brokenkeys \
cfgmatch \ cfgmatch \
addrmatch \
localcommand \ localcommand \
forcecommand forcecommand

41
regress/addrmatch.sh Normal file
View File

@ -0,0 +1,41 @@
# $OpenBSD: addrmatch.sh,v 1.0 2008/06/10 05:23:32 dtucker Exp $
# Placed in the Public Domain.
tid="address match"
mv $OBJ/sshd_proxy $OBJ/sshd_proxy_orig
run_trial()
{
user="$1"; addr="$2"; host="$3"; expected="$4"; descr="$5"
verbose "test $descr for $user $addr $host"
result=`${SSHD} -f $OBJ/sshd_proxy -T \
-C user=${user},addr=${addr},host=${host} | \
awk '/passwordauthentication/ {print $2}'`
if [ "$result" != "$expected" ]; then
fail "failed for $user $addr $host: expected $expected, got $result"
fi
}
cp $OBJ/sshd_proxy_orig $OBJ/sshd_proxy
cat >>$OBJ/sshd_proxy <<EOD
PasswordAuthentication no
Match Address 192.168.0.0/16,!192.168.30.0/24,10.0.0.0/8,host.example.com
PasswordAuthentication yes
Match Address 1.1.1.1,::1,!::3,2000::/16
PasswordAuthentication yes
EOD
run_trial user 192.168.0.1 somehost yes "permit, first entry"
run_trial user 192.168.30.1 somehost no "deny, negative match"
run_trial user 19.0.0.1 somehost no "deny, no match"
run_trial user 10.255.255.254 somehost yes "permit, list middle"
run_trial user 192.168.30.1 192.168.0.1 no "deny, faked IP in hostname"
run_trial user 1.1.1.1 somehost.example.com yes "permit, bare IP4 address"
run_trial user ::1 somehost.example.com yes "permit, bare IP6 address"
run_trial user ::2 somehost.exaple.com no "deny IPv6"
run_trial user ::3 somehost no "deny IP6 negated"
run_trial user ::4 somehost no "deny, IP6 no match"
run_trial user 2000::1 somehost yes "permit, IP6 network"
run_trial user 2001::1 somehost no "deny, IP6 network"